Claims 



What is claimed is: 

1. A method of initializing secure operation of an integrated system, said method
comprising: 

generating at least one key for the integrated system; 

loading initial code into the integrated system, the loading including using the at 
least one key to encrypt the initial code via a data access control function of the 
integrated system; and 

reinitializing the integrated system using the encrypted initial code. 

2. The method of claim 1, wherein the generating comprises generating within 
the integrated system the at least one key. 

3. The method of claim 1, wherein the data access control function comprises a 
hardware component of the integrated system. 

4. The method of claim 1, further comprising loading additional code into the 
integrated system using the encrypted initial code. 

5. The method of claim 4, wherein the loading of additional code includes 
utilizing the encrypted initial code to implement random key generation within the 
integrated system for use in encrypting the additional code by the data access control 
function. 

6. The method of claim 1, wherein the loading further includes encrypting the 
initial code using the at least one key and a memory address for whitening. 

7. A method of recovering integrated system functionality following a trigger
event, said method comprising: 

automatically establishing a reduced level of functionality within the 
integrated system; and 

allowing for full functional recovery of the integrated system by 
employing a selective recovery procedure. 

8. The method of claim 7, wherein the recovery procedure includes loading 
initialization code into the integrated system at a secure physical location. 

9. The method of claim 8, wherein the loading of initialization code further 
comprises loading unencrypted initialization code into the integrated system, including 
restoration initialization code, and wherein the method further comprises: 

executing the restoration initialization code to obtain a master key and a 
substitute initialization address; 

encrypting the restoration initialization code with the master key and 
storing the encrypted initialization code at the substitute initialization address; and 

reinitializing the integrated system using the stored encrypted initialization 
code at the substitute initialization address. 

10. The method of claim 9, further comprising storing the master key and the 
substitute initialization address in persistent storage associated with a data access control 
function of the integrated system. 

11. The method of claim 9, wherein the initialization code further comprises a
manufacturer's public key, and wherein the method further comprises: 

generating at the integrated system a public/private key pair; 

securely storing the integrated system's private key; and 

encrypting the integrated system's public key using the manufacturer's
public key.

12. The method of claim 9, further comprising establishing a secure network 
connection between the integrated system and manufacturer, the establishing employing 
the generated public/private key pair, and downloading across the secure network 
connection required code and data to reestablish full functionality of the integrated 
system. 

13. The method of claim 7, wherein the automatically establishing the reduced 
level of functionality within the integrated system includes limiting access to secure code 
and data within the integrated system. 

14. A system of initializing secure operation of an integrated system, said system
comprising: 

means for generating at least one key for the integrated system; 

means for loading initial code into the integrated system, the loading 
including using the at least one key to encrypt the initial code via a data access 
control function of the integrated system; and 

means for reinitializing the integrated system using the encrypted initial
code.

15. The system of claim 14, wherein the means for generating comprises means 
for generating within the integrated system the at least one key. 

16. The system of claim 14, wherein the data access control function comprises a 
hardware component of the integrated system. 

17. The system of claim 14, further comprising means for loading additional code 
into the integrated system using the encrypted initial code. 

18. The system of claim 17, wherein the means for loading of additional code 
includes means for utilizing the encrypted initial code to implement random key 
generation within the integrated system for use in encrypting the additional code by the 
data access control function. 

19. The system of claim 14, wherein the means for loading further includes 
means for encrypting the initial code using the at least one key and a memory address for 
whitening. 

20. A system of recovering integrated system functionality following a trigger
event, said system comprising: 

means for automatically establishing a reduced level of functionality 
within the integrated system; and 

means for allowing for full functional recovery of the integrated system by 
employing a selective recovery procedure. 

21. The system of claim 20, wherein the recovery procedure includes means for
loading initialization code into the integrated system at a secure physical location. 

22. The system of claim 21, wherein the means for loading of initialization code 
further comprises means for loading unencrypted initialization code into the integrated 
system, including restoration initialization code, and wherein the system further 
comprises: 

means for executing the restoration initialization code to obtain a master 
key and a substitute initialization address; 

means for encrypting the restoration initialization code with the master 
key and storing the encrypted initialization code at the substitute initialization 
address; and 

means for reinitializing the integrated system using the stored encrypted 
initialization code at the substitute initialization address. 

23. The system of claim 22, further comprising means for storing the master key 
and the substitute initialization address in persistent storage associated with a data access 
control function of the integrated system. 

24. The system of claim 22, wherein the initialization code further comprises a
manufacturer's public key, and wherein the system further comprises: 

means for generating at the integrated system a public/private key pair; 

means for securely storing the integrated system's private key; and 

means for encrypting the integrated system's public key using the
manufacturer's public key.

25. The system of claim 24, further comprising means for establishing a secure 
network connection between the integrated system and manufacturer, the establishing 
employing the generated public/private key pair, and downloading across the secure 
network connection required code and data to reestablish full functionality of the 
integrated system. 

26. The system of claim 20, wherein the means for automatically establishing the 
reduced level of functionality within the integrated system includes means for limiting 
access to secure code and data within the integrated system. 

27. At least one program storage device readable by a machine embodying at
least one program of instructions executable by the machine to perform a method of 
initializing secure operation of an integrated system, said method comprising: 

generating at least one key for the integrated system; 

loading initial code into the integrated system, the loading including using the at 
least one key to encrypt the initial code via a data access control function of the 
integrated system; and 

reinitializing the integrated system using the encrypted initial code. 

28. At least one program storage device readable by a machine embodying at
least one program of instructions executable by the machine to perform a method of 
recovering integrated system functionality following a trigger event, said method 
comprising: 

automatically establishing a reduced level of functionality within the 
integrated system; and 

allowing for full functional recovery of the integrated system by 
employing a selective recovery procedure. 